security/ca_root_nss missing Let's Encrypt X3 certificate
Andrea Venturoli
ml at netfence.it
Tue Mar 26 10:21:53 UTC 2019
Hello.
I'm having trouble connecting (e.g. with fetch) to TLS servers which are
using a Let's Encrypt certificate.
The exact message depends on the client I use, but it goes along this line:
>Protocol error (TLS code: X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY)
>SSL Certficate error: certificate issuer (CA) not known:
> /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
Of course adding that specific certificate to
/usr/local/etc/ssl/cert.pem is enough to solve.
However, Let's encrypt seems to be widely accepted, so I was suprised
not to find it in security/ca_root_nss.
Also, some page on the Internet [1] suggests the certifiate should be there.
[1]
> https://www.linuxadminqa.com/freebsd-wget-can-not-confirm-certificates-issued-by-lets-encrypt/
Am I doing something wrong or is this certificate really missing?
If so, why? Isn't it worth adding it?
bye & Thanks
av.
More information about the freebsd-questions
mailing list